NR-1 – General Provisions and Occupational Risk Management

(MTE Ordinance No. 1419, of August 27, 2024)

1.1 Objective

1.1.1 The purpose of this standard is to establish the general provisions, scope, terms and definitions common to the regulatory standards (NRs) on occupational health and safety and the guidelines and requirements for the management of occupational risks and preventive measures in occupational health and safety.

1.1.2 For the purpose of applying the NR, the terms and definitions in Annex I shall be taken into account.

1.2 Scope

1.2.1 The NRs are binding on employers and employees in both urban and rural areas.

1.2.1.1 The NRs are mandatory for organizations and public bodies of direct and indirect administration, as well as for bodies of the legislative and judicial branches and the Public Prosecutor’s Office, whose employees are subject to the Consolidation of Labour Laws.

1.2.1.2 By law, the provisions of the NRs apply to other legal relationships.

1.2.2 Compliance with the NRs does not exempt organizations from compliance with other provisions contained in building codes or sanitary regulations of states or municipalities, as well as those arising from collective bargaining agreements.

1.3 Responsibilities and structure

1.3.1 The Secretariat of Labor (STRAB), through the Undersecretariat of Labor Inspection (SIT), is the national body competent in matters of occupational health and safety to:

a) formulate and propose the guidelines, operating standards and supervise activities in the area of occupational health and safety;
b) promote the National Campaign for the Prevention of Workplace Accidents (CANPAT);
c) coordinating and supervising the Workers’ Food Program (PAT);
d) promote the monitoring of compliance with the legal and regulatory requirements on occupational health and safety across the national territory;
e) participate in the implementation of the National Occupational Health and Safety Policy (PNSST); and
f) hear appeals, whether voluntary or on its own initiative, as the last instance, against decisions of the regional body responsible for occupational health and safety, unless expressly provided otherwise.

1.3.2 It is the responsibility of the SIT and the regional bodies subordinate to it in matters of occupational safety and health, within the limits of their competence, to carry out:

g) enforcement of the legal and regulatory rules on occupational safety and health; and
h) activities related to CANPAT and PAT.

1.3.3 It is the responsibility of the Regional Labour Authority to impose the appropriate sanctions for non-compliance with the legal and regulatory provisions on occupational safety and health.

1.4 Rights and responsibilities

1.4.1 The employer is responsible to:
a) comply with and enforce the legal and regulatory requirements for occupational health and safety;
b) inform workers of:
I. the occupational risks present in the workplace;
II. the preventive measures adopted by the company to eliminate or reduce such risks;
III. the results of the medical examinations and complementary diagnostic tests to which the workers themselves are subjected; and
III. the results of the medical examinations and complementary diagnostic tests to which the workers themselves are subjected; and
IV – the results of environmental assessments conducted in the workplace.
c) prepare instructions on occupational health and safety and to inform the workers;
d) allow workers’ representatives to accompany the monitoring of legal and regulatory provisions on occupational health and safety;
e) determine the procedures to be followed in the event of an occupational accident or illness, including the analysis of its causes;
f) provide the Labour Inspectorate with all information related to occupational safety and health; and
g) implement preventive measures, in consultation with the workers, in the following order of priority:
I. elimination of risk factors;
II. minimization and control of risk factors through collective protective measures; III. the minimization and control of risk factors through the adoption of administrative or organizational measures; and
IV. the adoption of individual protective measures.

1.4.1.1 Organizations required to establish a CIPA according to NR-5 shall, in addition to other measures they deem necessary, adopt the following measures to prevent and combat sexual harassment and other forms of violence in the workplace: (MTP Ordinance No. 4.219, of December 20, 2022)

a) inclusion of rules of conduct regarding sexual harassment and other forms of violence in the company’s internal regulations, with wide dissemination of their content to male and female employees;
b) establishment of procedures for receiving and monitoring complaints, investigating the facts and, where appropriate, imposing administrative sanctions on those directly or indirectly responsible for acts of sexual harassment and violence, while ensuring the anonymity of the person making the complaint, without prejudice to the appropriate legal procedures; and
c) at least every 12 (twelve) months, providing training, orientation, and awareness-raising to male and female employees at all levels of the organization on issues related to violence, harassment, equality, and diversity in the workplace, in accessible, appropriate formats that are as effective as possible.

1.4.2 The workers are responsible for:

a) to comply with the legal and regulatory provisions on occupational health and safety and health, including the instructions given by the employer;
b) undergo the medical examinations provided for in the NR;
c) collaborate with the organization in implementing the NR; and
d) use the personal protective equipment provided by the employer.

1.4.2.1 An employee’s unjustified refusal to comply with the provisions of the previous item constitutes an act of misconduct.

1.4.3 The worker may interrupt their activities when they identify a work situation that, in their view, for reasonable reasons, involves a serious and imminent risk to their life or health, immediately informing their superior. (amended by MTE Ordinance No. 342, of March 21, 2024)

1.4.3.1 The employer cannot require workers to return to the activity until corrective measures are taken to address the serious and imminent risk to their life or health. (amended by MTE Ordinance No. 342, of March 21, 2024)

1.4.3.2 The worker must be protected from unjustified consequences resulting from the interruption provided for in item 1.4.3 of this NR. (added by MTE Ordinance No. 342, of March 21, 2024)

1.4.3.3 The worker must immediately report to their superior any work situations that involve a serious and imminent risk to their life or health, as well as to the life or health of others. (added by MTE Ordinance No. 342, of March 21, 2024)

1.4.4 Each worker must be provided with information at the time of recruitment or when transferring to a job involving a change in risks, concerning:

a) the occupational risks that exist or may arise in the workplace;
b) the means of preventing and controlling such risks;
c) the measures adopted by the organization
d) the procedures to be followed in the event of an emergency; and
e) the procedures to be adopted in accordance with 1.4.3 and 1.4.3.1.

1.4.4.1 Information can be provided:

f) during training; and
g) through safety briefings, physical or electronic documents.

Text as per MTE Ordinance No. 344, of March 21, 2024 (effective until May 25, 2025)

Text as per MTE No. 1419, of August 27, 2024 (effective as of May 25, 2025)

1.5 Occupational risk management 1.5.1 The provisions of this section shall be used to prevent and manage occupational risks. 1.5.2 For the purpose of characterizing unsafe or hazardous activities or operations, the provisions of NR15 – Unsafe Activities and Operations and NR16 – Hazardous Activities and Operations shall be used. 1.5.3 Responsibilities 1.5.3.1. The organization shall establish and implement occupational risk management in its activities. 1.5.3.1.1 The management of occupational risks shall constitute a Risk Management Program (PGR). 1.5.3.1.1.1 At the discretion of the organization, the Risk Management Program may be implemented by operational unit, sector or activity. 1.5.3.1.2 The PGR can be covered by management systems as long as they comply with the requirements of this NR and the legal requirements for occupational health and safety. 1.5.3.1.3 The Risk Management Program shall include or be integrated with plans, programs and other documents required by occupational health and safety legislation. 1.5.3.2 The organization shall: a) avoid occupational risks that may occur in the workplace; b) identify hazards and possible injuries or health problems; c) evaluate occupational risks indicating the level of risks; d) classify occupational risks to determine the need for preventive measures; e) implement preventive measures in accordance with the risk classification and in the order of priority established in paragraph (g) of section 1.4.1; and f) monitor the control of occupational risks. 1.5.3.2.1 The organization shall consider working conditions in accordance with NR-17. 1.5.3.3 The organization shall establish mechanisms to: a) consult with the workers regarding the awareness of occupational risks; for this purpose, the statements of the Internal Commission for Accident and Harassment Prevention (CIPA), if applicable, may be adopted; and b) communicate to the employees the risks consolidated in the risk register and the prevention measures included in the Action Plan of Risk Management Program. 1.5.3.4 The organization shall take the necessary measures to improve its health and safety performance. 1.5.4 Hazard identification and risk assessment process 1.5.4.1 The process of hazard identification and risk assessment shall take into account the provisions of regulatory standards and other legal requirements for occupational health and safety. 1.5.4.2 Preliminary hazard analysis (PHA) 1.5.4.2.1 The preliminary risk analysis shall be carried out: a) before the establishment or new facilities are put into operation; b) for existing activities; and c) changes and introduction of new processes or work activities. 1.5.4.2.1.1 If the risk cannot be avoided at the preliminary risk analysis phase, the organization shall carry out the process of hazard identification and risk assessment as described in the following items. 1.5.4.2.1.2 At the discretion of the organization, the preliminary hazard analysis can be included in the hazard identification phase. 1.5.4.3 Hazard identification 1.5.4.3.1 The hazard identification step shall include a) description of the hazards and possible injuries or health problems; b) identification of the sources or circumstances; and c) identification of the group of workers exposed to the hazards. 1.5.4.3.2 Hazard identification shall address foreseeable external work-related hazards that may affect occupational health and safety. 1.5.4.4 Risk assessment 1.5.4.4.1 The organization shall assess the occupational risks associated with the hazards identified in its establishment(s) to provide information for taking preventive measures. 1.5.4.4.2 For each risk, the level of occupational risk shall be indicated, which is determined by combining the severity of possible injuries or health problems with the probability or chance of their occurrence. 1.5.4.4.2.1 The organization shall select risk assessment tools and techniques that are appropriate to the risk or circumstance being assessed. 1.5.4.4.3 The rating of the severity of the injury or health problem shall take into account the significance of the consequence and the number of workers likely to be affected. 1.5.4.4.3.1 The significance shall take into account the consequences of the occurrence of major accidents. 1.5.4.4.4 The rating of the probability of occurrence of injuries or health problems shall take into account: a) the requirements specified in regulatory standards; b) the preventive measures implemented; c) the requirements of the work activity; and d) comparison of the occupational exposure profile with the reference values established in NR-9. 1.5.4.4.5 After the assessment, the occupational risks shall be classified, taking into account item 1.5.4.4.2, in order to identify the need to adopt preventive measures and prepare an action plan. 1.5.4.4.6 The risk assessment shall be a continuous process and shall be reviewed every two years or when the following situations occur: a) after the implementation of preventive measures, in order to assess residual risks; b) after innovations and changes in technologies, environments, processes, conditions, procedures and work organization that introduce new risks or change existing risks; c) when preventive measures are found to be inadequate, insufficient or ineffective; d) When occupational injuries or illnesses occur; e) when there are changes in current legal requirements. 1.5.4.4.6.1 In the case of organizations certified to the OHS management system standards, the period may be up to 3 (three) years. 1.5.5. Risk control 1.5.5.1. Preventive measures 1.5.5.1.1 The organization shall take preventive measures to eliminate, reduce or control risks whenever: a) the requirements of regulatory standards and legislation so indicate; b) the classification of occupational risks in accordance with item 1.5.4.4.5 so requires; c) a correlation between injuries and health problems of workers and the identified risks and work situations has been demonstrated by medical surveillance. 1.5.5.1.2 If the organization demonstrates that collective protective measures are not technically feasible, or are inadequate, or are in the study, planning, or implementation stages, or even on a temporary or emergency basis, other measures must be taken in accordance with the following hierarchy: a) administrative and organizational measures; and b) use of personal protective equipment (PPE). 1.5.5.1.3 The implementation of preventive measures shall be accompanied by informing workers of the procedures to be adopted and the limitations of the preventive measures. 1.5.5.2. Action plans 1.5.5.2.1 The organization shall develop an action plan that identifies the preventive measures to be implemented, improved or maintained in accordance with item 1.5.4.4.5. 1.5.5.2.2 Preventive measures shall be scheduled and methods for monitoring and measuring results shall be established. 1.5.5.3 Implementation and monitoring of preventive measures 1.5.5.3.1 The implementation of preventive measures and related adjustments shall be recorded. 1.5.5.3.2 The implementation of preventive measures shall be monitored in a planned manner and shall include: a) verification of the implementation of planned measures; b) inspection of workplaces and equipment; and c) monitoring environmental conditions and exposure to harmful agents, as appropriate. 1.5.5.3.2.1 Preventive measures shall be corrected if data obtained during monitoring indicate ineffective performance. Monitoring workers’ health 1.5.5.4.1 The organization shall develop occupational health measures for employees, integrated with other preventive measures, according to the risks related to the work. 1.5.5.4.2 The surveillance of workers’ health shall be a planned, systematic and continuous preventive process, in accordance with the classification of occupational risks and in compliance with NR-7. 1.5.5.5. Analysis of injuries and illnesses 1.5.5.5.1 The organization shall analyze work-related injuries and illnesses. 1.5.5.5.2 The analysis of work-related accidents and illnesses shall be documented and: a) a) consider the situations that cause the events, taking into account the activities actually performed, the working environment, the materials and the organization of work; b) identify the factors related to the event; and c) provide evidence to support and review existing prevention measures. 1.5.6. Emergency preparedness 1.5.6.1 The organization shall establish, implement and maintain procedures for responding to emergency scenarios that are appropriate to the risks, characteristics and circumstances of the activities. 1.5.6.2 The emergency response procedures shall include: d) the means and resources required for first aid and transportation of victims e) the necessary measures to be taken in the event of major emergencies, where applicable. 1.5.7 Documentation 1.5.7.1 The Risk Management Program shall include at least the following documents: a) risk register, b) action plan. 1.5.7.2 The documents that make up the Risk Management Program shall be prepared, dated and signed under the responsibility of the organization, taking into account the provisions of other regulatory standards. 1.5.7.2.1 The documents that make up the Risk Management Program shall always be available to interested employees or their representatives and to the labor inspectorate. 1.5.7.3 Risk register 1.5.7.3.1 The results of the hazard identification and risk assessment shall be compiled in a risk register. 1.5.7.3.2 The risk register shall contain at least the following information: a) characterization of work processes and environments; b) characterization of activities; c) description of the hazards and possible injuries or health problems to workers, identifying the sources or circumstances, a description of the risks arising from the hazards, identifying the groups of workers exposed to those risks, and a description of the preventive measures taken; d) data from the preliminary analysis or monitoring of exposures to physical, chemical and biological agents and the results of the ergonomics assessment in accordance with NR-17; e) risk assessment, including classification for the purpose of preparing the action plan; and f) criteria adopted for risk assessment and decision-making. 1.5.7.3.3 The risk register shall be kept up to date. 1.5.7.3.3.1 The audit trail of changes shall be maintained for at least 20 (twenty) years or for the period specified in specific regulations. 1.5.8 General provisions for occupational risk management 1.5.8.1 When several organizations carry out activities simultaneously in the same workplace, they shall carry out integrated actions to apply prevention measures aimed at protecting all workers exposed to occupational risks. 1.5.8.2 The contracting organization’s Risk Management Program may include prevention measures for companies contracted to provide services on its premises or at a location previously agreed in the contract or referring to the contractors’ programs. 1.5.8.3 Contracting organizations shall provide contractors with information on risks related to that are under their management and that may affect the contractor’s activities. 1.5.8.4 Contracting organizations must provide the contractor with the risk register for specific activities carried out on the contractor’s premises or at a location previously agreed in the contract.

1.5 Occupational risk management 1.5.1 The provisions of this section shall be used to prevent and manage occupational risks. 1.5.2 For the purpose of characterizing unsafe or hazardous activities or operations, the provisions of NR15 – Unsafe Activities and Operations and NR16 – Hazardous Activities and Operations shall be used. 1.5.3.1 The organization must implement occupational risk management in each establishment. 1.5.3.1.1 The management of occupational risks shall constitute a Risk Management Program (PGR). 1.5.3.1.1.1 The PGR can be implemented per operational unit, sector, or activity, at the organization’s discretion. 1.5.3.1.2 The PGR may be met by management systems, provided they comply with the requirements outlined in this NR and occupational safety and health laws. 1.5.3.1.3 The PGR must either include or integrate plans, programs, and other documents as provided in occupational safety and health legislation. 1.5.3.1.4 Occupational risk management must address risks from physical, chemical, and biological agents, accident risks, and ergonomic factors, including psychosocial risk factors related to work. 1.5.3.2 The organization must: a) avoid or eliminate occupational hazards that arise from work activities; b) identify hazards and potential health injuries; c) assess occupational risks, indicating the level of risk; d) classify occupational risks to determine the need for preventive measures; e) implement preventive measures according to the risk classification and following the priority order established in the PGR action plan; f) monitor the control of occupational risks. 1.5.3.2.1 The organization must take into account the working conditions specified in NR-17. 1.5.3.3 The organization must adopt mechanisms to: a) involve workers in the process of managing occupational risks, providing them with basic knowledge about occupational risk management; b) consult workers regarding their perception of occupational risks, and for this purpose, the opinions of the Internal Commission for Accident Prevention and Harassment (CIPA) may be used, when applicable; and c) communicate to workers the risks consolidated in the risk register and the preventive measures outlined in the action plan. 1.5.3.4 The organization must take the necessary measures to improve occupational safety and health performance. 1.5.3.5 Whenever multiple organizations conduct activities at the same workplace simultaneously, they must execute integrated actions to apply prevention measures aimed at protecting all workers exposed to occupational risks. 1.5.4 Hazard Identification and Occupational Risk Assessment 1.5.4.1 The process of identifying hazards and assessing occupational risks must consider the provisions of the Regulatory Standards and other legal occupational safety and health requirements. 1.5.4.2 Preliminary hazard and risk analysis 1.5.4.2.1 The preliminary hazard and risk analaysis must be conducted: a) before the operation of the establishment or new installations; b) for existing activities; and c) during changes or the introduction of new work processes or activities. 1.5.4.2.1.1 The preliminary hazard and risk analysis must be conducted to: a) identify situations where it is possible to avoid or eliminate hazards; and b) identify evident occupational risk situations in which the organization must immediately adopt reduction or control measures. 1.5.4.2.1.2 When, during the preliminary hazard and risk analysis, the hazard cannot be avoided or eliminated, the organization must implement the process of identifying hazards and assessing occupational risks, as provided in subitems 1.5.4.3 and 1.5.4.4 of this NR. 1.5.4.2.1.3 When it is not possible to immediately adopt measures to reduce or control the evident occupational risk during the preliminary survey of hazards and risks, the measures must be included in the action plan, and the risk must be recorded in the risk register. 1.5.4.2.1.3 At the organization’s discretion, the preliminary survey of hazards and risks phase may be incorporated into the hazard identification phase. 1.5.4.3 Hazard Identification 1.5.4.3.1 The hazard identification process must include: a) a description of the hazards and possible injuries or health impacts; b) identification of the sources and/or circumstances; and c) identification of the group of workers exposed to the risks. 1.5.4.3.2 The identification of hazards must consider foreseeable external hazards related to the work that could affect workplace safety and health. 1.5.4.4 Occupational Risk Assessment 1.5.4.4.1 The organization must assess occupational risks concerning the hazards identified in its establishment(s) to maintain information for adopting preventive measures. 1.5.4.4.2 For each risk, the occupational risk level must be determined based on the combination of the severity of possible injuries or health impacts and the likelihood of occurrence. 1.5.4.4.2.1 The organization must select risk assessment tools and techniques that are appropriate for the risk or circumstance under evaluation. 1.5.4.4.2.2 The organization must detail in a document the criteria for grading severity and probability, the levels of risk, the risk classification criteria, and the decision-making criteria used in occupational risk management.1.5.4.4.3 After determining the risk levels, occupational risks must be classified to identify the need for adopting or maintaining preventive measures and preparing the action plan.1.5.4.4.4 Severity must be established based on the magnitude of the possible consequences of injuries or health impacts.1.5.4.4.4.1 For each identified hazard, when there is more than one possible consequence, the consequence of greater magnitude must be selected.1.5.4.4.5 Probability must be established based on the likelihood of injuries or health impacts occurring.1.5.4.4.5.1 The probability grading must take into account compliance with the requirements established in the NR and applicable legislation.1.5.4.4.5.2 For the probability of occurrence of injuries or health impacts resulting from physical, chemical, and biological hazards, the assessment must compare the occupational exposure profile with reference values or apply other criteria established in NR-09 and consider the effectiveness of the preventive measures implemented.1.5.4.4.5.3 For the probability of occurrence of injuries or health impacts resulting from ergonomic factors, including psychosocial risk factors related to work, the risk assessment must consider the demands of the work activity and the effectiveness of the preventive measures implemented.1.5.4.4.5.4 For the probability of occurrence of injuries or health impacts resulting from accidents, the risk assessment must consider the worker’s exposure to the hazard and the effectiveness of the preventive measures implemented.1.5.4.4.6 The risk assessment must be a continuous process and must be reviewed every two years or upon the occurrence of the following situations: a) after the implementation of preventive measures, to evaluate residual risks; b) after innovations and changes in technologies, environments, processes, conditions, procedures, and work organization that result in new risks or modify existing risks; c) when inadequacies, insufficiencies, or ineffectiveness of preventive measures are identified; d) in the event of accidents or work-related illnesses; e) when there is a change in applicable legal requirements; and f) upon a justified request from workers or CIPA, if applicable.1.5.4.4.5.1 For organizations that have occupational safety and health management system certifications, the review period may be extended to up to three years. 1.5.5 Risk Control 1.5.5.1 Preventive Measures 1.5.5.1.1 The organization must adopt preventive measures to eliminate, reduce, or control risks whenever: a) required by Regulatory Standards and legal provisions; b) occupational risk classification so determines, as per subitem 1.5.4.4.3; c) there is evidence of an association between workers’ injuries and health issues and the identified risks and work situations; and d) the results of accident and disease analyses indicate such a need. 1.5.5.1.2 When the organization proves the technical infeasibility of adopting collective protection measures, or when these are insufficient or are in the study, planning, or implementation phases, or even in a complementary or emergency capacity, other measures must be adopted, following this hierarchy: a) administrative or work organization measures; and b) use of personal protective equipment (PPE). 1.5.5.1.3 The implementation of preventive measures must be accompanied by informing workers about the procedures to be adopted and the limitations of the preventive measures. 1.5.5.2 Action Plans 1.5.5.2.1 The organization must develop an action plan, indicating the preventive measures to be introduced, improved, or maintained, as per subitem 1.5.4.4.3. 1.5.5.2.1.1 The number of workers potentially affected should be used as a criterion to increase the priority of actions. 1.5.5.2.2 For the preventive measures, a schedule must be defined with responsible parties, monitoring methods, and performance evaluation criteria. 1.5.5.3 Implementation and Monitoring of Preventive Measures 1.5.5.3.1 The implementation of preventive measures and respective adjustments must be recorded. 1.5.5.3.2 The performance of preventive measures must be monitored in a planned manner and include: a) verification of the execution of planned actions and the continuity of their application, when applicable; b) inspections of workplaces and equipment; c) monitoring of environmental conditions and exposure to harmful agents, when applicable; and d) participation of workers and CIPA, if applicable. 1.5.5.3.2.1 Preventive measures must be corrected when the data obtained from monitoring indicate inefficiency in their performance. 1.5.5.4 Monitoring of Occupational Health 1.5.5.4.1 The organization must develop occupational health actions for workers that are integrated with other preventive measures in occupational safety and health (OSH), according to the risks generated by the work. 1.5.5.4.2 Employee health control must be a planned, systematic, and continuous preventive process, in accordance with the classification of occupational risks and in line with NR-7. 1.5.5.5 Analysis of Work-Related Accidents and Diseases 1.5.5.5.1 The organization must analyze work-related accidents and diseases. 1.5.5.5.1.1 The analysis of hazardous events that could have serious consequences must be conducted. 1.5.5.5.2 The analyses of work-related accidents and diseases must be documented and: a) consider the situations that generated the events, taking into account the activities actually performed, the work environment, materials, production process, work organization, and other factors related to the events; b) consider the organization’s data, epidemiological data, and information provided by the workers; and c) provide evidence to review and improve existing preventive measures. 1.5.6 Emergency Preparedness and Response 1.5.6.1 The organization must establish, implement, and maintain emergency response procedures, according to the risks, characteristics, and circumstances of the activities. 1.5.6.2 The emergency response procedures must provide, at a minimum: a) the means, responsible parties, and resources necessary for first aid, the transfer of injured individuals, and evacuation from affected areas; and b) the measures necessary for large-scale emergencies, when applicable. 1.5.6.3 The organization must conduct simulation exercises as specified in the emergency response procedure, which must include its frequency. 1.5.6.3.1 Evidence of the simulation exercise must be generated when performed. 1.5.7 Documentation 1.5.7.1 The PGR must include, at a minimum, the following documents: a) a risk register; and b) an action plan. 1.5.7.2 The documents that make up the PGR must be prepared under the responsibility of the organization, respecting the provisions of other Regulatory Standards, and must be dated and signed. 1.5.7.2.1 The documents that make up the PGR must always be available to interested workers, union representatives of the professional categories, and the Labor Inspection. 1.5.7.3 Risk Register 1.5.7.3.1 The data from the identification of hazards and the assessment of occupational risks must be consolidated into a risk register. 1.5.7.3.2 The risk register must include, at a minimum, the following information: a) characterization of work processes and environments; b) characterization of activities; c) description of hazards, including identification of sources and/or circumstances; d) indication of possible injuries or health impacts resulting from workers’ exposure to hazards; e) indication of the groups of workers exposed to hazards; f) description of preventive measures implemented; g) characterization of workers’ exposure to hazards; h) data from the preliminary analysis or monitoring of exposure to physical, chemical, and biological agents, and the results of the ergonomic assessment according to NR-17; and i) risk assessment, including classification for the purpose of preparing the action plan. 1.5.7.3.3 The risk register must be kept up-to-date. 1.5.7.3.3.1 The update history must be kept for a minimum period of 20 years or for the period established in specific regulations. 1.5.8 Occupational Risk Management in Third-Party Service Relationships 1.5.8.1 The PGR of the contracting organization must include the preventive measures for the contracted organizations that operate in its premises or at a location previously agreed upon in the contract, or it must reference the programs of the contracted organizations. 1.5.8.1.1 In the case of using the programs of the contracted organizations, they must provide the contracting organization with the risk register and the action plan related to the activities for which they were contracted. 1.5.8.1.2 In the case of contracted organizations where the services are provided only by the owner or partners, the contracting organization must extend its preventive measures to the risks associated with the activities for which they were contracted, when operating in its premises or at a location previously agreed upon in the contract. 1.5.8.2 The contracting organizations must inform the contracted organizations of the occupational risks under their responsibility that may impact the activities of the contracted organizations. 1.5.8.3 The contracted organizations must inform the contracting organizations of the occupational risks under their responsibility that may impact the activities of the contracting organizations. 1.5.8.4 In the case of contracted organizations performing activities at the contracting organization’s establishment where risks arise from the interaction of activities between the organizations, the preventive measures must be defined jointly under the coordination of the contracting organization.

1.6 Providing digital information and digitizing documents

1.6.1 Organizations shall provide occupational health and safety information in digital format according to the model approved by STRAB after consultation with the SIT.

1.6.1.1 The models approved by STRAB shall take into account the principles of simplification and reduction of bureaucracy. 1.6.2 The documents provided for in the NR may be issued and stored in digital media with a digital certificate issued within the framework of the Brazilian Public Key Infrastructure (ICP-Brazil), standardized by a specific law.

1.6.3 Physical documents signed manually, including those before the effective date of this NR, may be archived in digital media, for the corresponding period required by specific legislation, through a digitization process as provided by law.

1.6.3.1 The digitization process shall be carried out in order to maintain the integrity, authenticity and, if necessary, the confidentiality of the digital document, using a digital certificate issued within the framework of the Brazilian Public Key Infrastructure (ICP-Brazil).

1.6.3.2 Employers who choose to keep the documents provided for in the legislation shall keep the originals as provided by law.

1.6.4 The employer shall guarantee the preservation of all digital or digitized documents through procedures and technologies that allow their legal validity to be verified at any time throughout the national territory, permanently guaranteeing their authenticity, integrity, availability, traceability, irreversibility, privacy and interoperability.

1.6.5 The employer shall guarantee the full and unrestricted access of the labor inspectorate to all digitized or originally digital documents.

1.6.5.1 For documents that must be available to workers or their representatives, the organization shall provide them with the means to access the information in order to meet the objectives of the specific standard.

1.7 Qualification and training in health and safety at work

1.7.1 The employer shall promote the qualification and training of employees in accordance with the provisions of the regulatory standards (NRs).

1.7.1.1 At the end of the initial, periodic or occasional training provided for in the NR, a certificate shall be issued containing the name and signature of the worker, program content, workload, date, place of training, name and qualification of the instructors and signature of the technical person responsible for the training.

1.7.1.2 Training shall include:

a) initial training;
b) periodic training; and
c) occasional training.

1.7.1.2.1 Initial training shall be carried out before the worker starts his duties or according to the period specified in the NR.

1.7.1.2.2 Periodic training shall be provided according to the frequency specified in the NR or, if not specified, within a period determined by the employer. 1.7.1.2.3 Occasional training shall take place:

a) when there is a change in work procedures, conditions or operations, which implies a change in risks at work;
b) in the event of a serious or fatal accident which indicates the need for new training; or
c) after returning from a leave of absence of more than 180 (one hundred and eighty) days.

1.7.1.2.3.1 The workload, duration and programmatic content of any training shall be suited to the situation that justified it.

1.7.1.3 Training may include:

a) practical training, supervised professional practice or on-the-job instruction;
(b) simulated exercises; or
(c) qualification to operate vehicles, vessels, machinery or equipment.

1.7.2 The time spent in training provided for in the NR shall be considered as working hours.

1.7.3 The certificate shall be provided to the employee and a copy shall be retained by the organization.

1.7.4 The training shall be recorded in the employee’s records.

1.7.5 Training required by the NR may be provided in addition to other training in the organization, as long as the content and workload are consistent with the applicable regulatory standard.

Sharing content within the same organization

1.7.6 Reuse of training content provided by the same organization is permitted provided that:

a) the content and workload required for the new training is included in the previous training;
b) the content of the previous training was delivered within a period of time less than that specified in the NR, or less than 2 (two) years if no such period is specified; and
c) validated by the technical person responsible for the training.

1.7.6.1 The use of the content shall be noted on the certificate, stating the content and date of completion of the training used.

1.7.6.1.1 The validity of the new training now takes into account the date of the most recent training.

Sharing training between organizations

1.7.7 The training completed by the employee can be evaluated and validated or complemented by the organization.

1.7.7.1 The validation shall take into account:

a) the activities performed by the employee in the previous organization, if applicable;
b) the activities to be performed in the organization;
c) the content and workload completed;
d) the content and workload required; and
e) whether the last training was carried out in a period shorter than that specified in the NR, or less than 2 (two) years ago in cases where no period is specified in the NR.

1.7.8 The use of previous training, in whole or in part, shall not relieve the organization of its responsibility to issue a certificate of training to the employee, and the certificate shall state the date on which the validated or complemented training was conducted.

1.7.8.1 The date of the most recent validated or complemented training shall be used to determine the period of refresher training.

Distance or semi-presential training

1.7.9 The training may be distance or semi-presential provided that the operational, administrative, technological and pedagogical structuring requirements set out in Annex II of this NR are met.

1.7.9.1 The practical content of the training may be delivered via distance learning or semi-presential provided that it is provided for in a specific NR.

1.8 Different treatment for individual microentrepreneurs (MEI), microenterprises (ME) and small businesses (EPP)

1.8.1 The individual microentrepreneur (MEI) is exempted from the obligation to prepare the Risk Management Program.

1.8.1.1 The exemption from the obligation to prepare the Risk Management Program does not extend to the MEI contracting organization, which must include it in its preventive actions and in its PGR when it operates in its premises or in a location previously agreed in the contract.

1.8.2 The Special Secretariat for Social Security and Employment (SEPRT) will issue forms with instructions on the preventive measures to be taken by the MEI.

1.8.3 Micro-enterprises and small businesses that are not required to establish an SESMT and that choose to use the risk assessment tool(s) to be provided by the SEPRT as an alternative to the tools and techniques provided for in item 1.5.4.4.2.1, will be able to structure the Risk Management Program taking into account the report generated by this tool(s) and the action plan.

1.8.4 Microenterprises and small businesses, risk levels 1 and 2, which do not identify occupational exposures to physical, chemical and biological agents in the preliminary hazard analysis and declare digital information in the form of item 1.6.1 are exempted from the preparation of the Risk Management Program.

1.8.4.1 The declared digital occupational health and safety information shall be disclosed to the employees.

1.8.5 The exemption provided for in this standard applies to the obligation to prepare the Risk Management Program and does not remove the obligation for MEI, ME and EPP to comply with the other provisions of the NR.

1.8.6 MEI, ME and EPP, risk levels 1 and 2, who declare digital information in the form of item 1.6.1 and do not identify occupational exposures to physical, chemical, biological agents and risks related to ergonomic factors, are exempted from preparing the Occupational Medical Surveillance Program (PCMSO)

1.8.6.1 Exemption from the PCMSO does not exempt the company from conducting medical examinations and issuing the Occupational Health Certificate (ASO).

1.8.7 Risk levels 1 and 2 referred to in items 1.8.4 and 1.8.6 are those provided for in NR04 – Specialized Services in Occupational Health and Safety (SESMT).

1.8.8 The employer is responsible for providing the information specified in 1.8.4 and 1.8.6.

1.9 Final provisions

1.9.1 Failure to comply with the legal and regulatory provisions on health and safety at work will result in the penalties provided for in the relevant legislation.

1.9.2 Any failure to comply with the NRs will be decided by the Labor Secretariat after consultation with the SIT.

---

Annex I Terms and Definitions

Annex II Guidelines and Minimum Requirements for the Use of Distance and Semi-Presencial Education